name: Annocheck

on:
  push:
    paths-ignore:
      - 'doc/**'
      - '**/man'
      - '**.md'
      - '**.rdoc'
      - '**/.document'
  pull_request:
    paths-ignore:
      - 'doc/**'
      - '**/man'
      - '**.md'
      - '**.rdoc'
      - '**/.document'
  merge_group:
    paths-ignore:
      - 'doc/**'
      - '**/man'
      - '**.md'
      - '**.rdoc'
      - '**/.document'

concurrency:
  group: ${{ github.workflow }} / ${{ startsWith(github.event_name, 'pull') && github.ref_name || github.sha }}
  cancel-in-progress: ${{ startsWith(github.event_name, 'pull') }}

# GitHub actions does not support YAML anchors.  This creative use of
# environment variables (plus the "echo $GITHUB_ENV" hack) is to reroute that
# restriction.
env:
  default_cc: clang-15
  append_cc: ''

  # -O1 is faster than -O3 in our tests... Majority of time are consumed trying
  # to optimize binaries.  Also GitHub Actions run on relatively modern CPUs
  # compared to, say, GCC 4 or Clang 3.  We don't specify `-march=native`
  # because compilers tend not understand what the CPU is.
  optflags: '-O1'

  # -g0 disables backtraces when SEGV.  Do not set that.
  debugflags: '-ggdb3'

  default_configure: >-
    --enable-debug-env
    --disable-install-doc
    --with-ext=-test-/cxxanyargs,+
  append_configure: >-
    --without-valgrind
    --without-jemalloc
    --without-gmp

  CONFIGURE_TTY: never
  GITPULLOPTIONS: --no-tags origin ${{github.ref}}
  RUBY_DEBUG: ci rgengc
  RUBY_TESTOPTS: >-
    -q
    --color=always
    --tty=no

permissions:
  contents: read

jobs:
  compile:
    strategy:
      fail-fast: false
      matrix:
        env:
          - {}
        entry:
          - name: 'gcc-11 annocheck'
            container: gcc-11
            env:
              # Minimal flags to pass the check.
              default_cc: 'gcc-11 -fcf-protection -Wa,--generate-missing-build-notes=yes'
              optflags: '-O2'
              LDFLAGS: '-Wl,-z,now'
              # FIXME: Drop skipping options
              # https://bugs.ruby-lang.org/issues/18061
              # https://sourceware.org/annobin/annobin.html/Test-pie.html
              TEST_ANNOCHECK_OPTS: "--skip-pie --skip-gaps"
            check: true

    name: ${{ matrix.entry.name }}
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/ruby/ruby-ci-image:${{ matrix.entry.container || matrix.entry.env.default_cc || 'clang-15' }}
      options: --user root
    if: ${{ !contains(github.event.head_commit.message, '[DOC]') && !contains(github.event.pull_request.labels.*.name, 'Documentation') }}
    env: ${{ matrix.entry.env || matrix.env }}
    steps:
      - run: id
        working-directory:
      - run: mkdir build
        working-directory:
      - name: setenv
        run: |
          echo "GNUMAKEFLAGS=-sj$((1 + $(nproc --all)))" >> $GITHUB_ENV
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          path: src
      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: src/.downloaded-cache
          key: downloaded-cache
      - name: autogen
        run: |
          if [ ! -f ./autogen.sh ]; then
            ls -la
          fi
          ./autogen.sh
        working-directory: src
      - name: Run configure
        run: >
          ../src/configure -C ${default_configure} ${append_configure}
          --${{
            matrix.entry.crosshost && 'host' || 'with-gcc'
          }}=${{
            matrix.entry.crosshost || '"${default_cc}${append_cc:+ $append_cc}"'
          }}
          --${{ matrix.entry.shared || 'enable' }}-shared
      - run: make extract-extlibs
      - run: make incs
      - run: make showflags
      - run: make
      - run: make test
      - run: make install
        if: ${{ matrix.entry.check }}
      - run: make test-tool
        if: ${{ matrix.entry.check }}
      ### test-all doesn't work: https://github.com/ruby/ruby/actions/runs/4340112185/jobs/7578344307
      # - run: make test-all TESTS='-- ruby -ext-'
      #   if: ${{ matrix.entry.check }}
      ### test-spec doesn't work: https://github.com/ruby/ruby/actions/runs/4340193212/jobs/7578505652
      # - run: make test-spec
      #   env:
      #     CHECK_LEAKS: true
      #   if: ${{ matrix.entry.check }}
      - run: make test-annocheck
        if: ${{ matrix.entry.check && endsWith(matrix.entry.name, 'annocheck') }}

      - uses: ruby/action-slack@0bd85c72233cdbb6a0fe01d37aaeff1d21b5fce1 # v3.2.1
        with:
          payload: |
            {
              "ci": "GitHub Actions",
              "env": "${{ github.workflow }} / ${{ matrix.entry.name }}",
              "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
              "commit": "${{ github.sha }}",
              "branch": "${{ github.ref_name }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SIMPLER_ALERTS_URL }} # ruby-lang slack: ruby/simpler-alerts-bot
        if: ${{ failure() && github.event_name == 'push' }}

defaults:
  run:
    working-directory: build
